If the requested 'user name' does not exist, the server MAY
disconnect, or MAY send a bogus list of acceptable authentication
'method name' values, but never accept any. This makes it possible
for the server to avoid disclosing information on which accounts
exist. In any case, if the 'user name' does not exist, the
authentication request MUST NOT be accepted.